Chapter 1: The ABCs of GRC
In This Chapter
Getting to know GRC
Discovering the GRC stakeholders
Understanding GRC by the letters
Deciding on your approach to GRC
Governance, Risk, and Compliance, almost always referred to as GRC, is
the latest addition to the parade of three-letter acronyms that are used
to describe the processes and software that run the business world. The goal
of GRC is to help a company efficiently put policies and controls in place to
address all its compliance obligations while at the same time gathering
information that helps proactively run the business. Done properly, GRC creates a
central nervous system that helps you manage your business more effectively.
You also derive a competitive advantage from understanding risks and
choosing opportunities wisely. In other words, GRC helps you make sure that you
do things the right way: It keeps track of what you are doing and raises an
alert when things start to go off track or when risks appear.
This opening chapter takes you on a top-to-bottom tour of GRC to help you
understand in greater detail what GRC means and what companies are doing
to lower the costs and create new value.
Getting to Know GRC
GRC is not just about complying with requirements for one quarter or one
year. Rather, those who are serious about GRC, meaning just about everyone
these days, seek to create a system and culture so that compliance with
external regulations, enforcement of internal policies, and risk management
are automated as much as possible and can evolve in an orderly fashion as
business and compliance needs change. That’s why some would say that the
C in GRC should stand for controls: controls that help make the process of
compliance orderly and make process monitoring — and improvement —
easier.